Hello community,

here is the log from the commit of package libxml2 for openSUSE:Factory checked in at 2012-12-10 17:16:52
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libxml2 (Old)
 and      /work/SRC/openSUSE:Factory/.libxml2.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libxml2", Maintainer is "[email protected]" Changes: -------- --- /work/SRC/openSUSE:Factory/libxml2/libxml2.changes 2012-09-26 16:21:27.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.libxml2.new/libxml2.changes 2012-12-10 17:16:53.000000000 +0100 @@ -1,0 +2,5 @@ +Fri Dec 7 10:49:11 UTC 2012 - [email protected] + +- Add libxml2-CVE-2012-5134.patch to fix CVE-2012-5134 (bnc#793334) + +------------------------------------------------------------------- New: ---- libxml2-CVE-2012-5134.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libxml2.spec ++++++ --- /var/tmp/diff_new_pack.EgdYt5/_old 2012-12-10 17:16:55.000000000 +0100 +++ /var/tmp/diff_new_pack.EgdYt5/_new 2012-12-10 17:16:55.000000000 +0100 @@ -29,6 +29,8 @@ Source: ftp://xmlsoft.org/libxml2/%{name}-%{version}.tar.gz Source2: baselibs.conf Patch0: fix-perl.diff +# PATCH-FIX-UPSTREAM CVE-2012-5134 (bnc#793334) +Patch1: libxml2-CVE-2012-5134.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: pkg-config BuildRequires: readline-devel @@ -125,6 +127,7 @@ %prep %setup -q %patch0 +%patch1 -p1 %build %configure --disable-static \ ++++++ libxml2-CVE-2012-5134.patch ++++++ >From 6a36fbe3b3e001a8a840b5c1fdd81cefc9947f0d Mon Sep 17 00:00:00 2001 From: Daniel Veillard <[email protected]> Date: Mon, 29 Oct 2012 02:39:55 +0000 Subject: Fix potential out of bound access --- Index: libxml2-2.8.0/parser.c =================================================================== --- libxml2-2.8.0.orig/parser.c 2012-05-18 09:30:30.000000000 +0200 +++ libxml2-2.8.0/parser.c 2012-12-07 12:00:57.111732279 +0100 
@@ -3931,7 +3931,7 @@ xmlParseAttValueComplex(xmlParserCtxtPtr c = CUR_CHAR(l); } if ((in_space) && (normalize)) { - while (buf[len - 1] == 0x20) len--; + while ((len > 0) && (buf[len - 1] == 0x20)) len--; } buf[len] = 0; if (RAW == '<') { -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
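Review bot: in the libxml2.spec hunk at -29,6, the `# PATCH-FIX-UPSTREAM CVE-2012-5134 (bnc#793334)` comment names the CVE and the bug but not the upstream commit, although the patch header carries it (6a36fbe3b3e001a8a840b5c1fdd81cefc9947f0d, "Fix potential out of bound access"). Adding that hash to the comment would make it easy to confirm the patch can be dropped at the next version update. The `%patch1 -p1` in the %prep hunk matches the `libxml2-2.8.0.orig/parser.c` and `libxml2-2.8.0/parser.c` paths in the patch, so the strip level is consistent.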
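Review bot: the guarded loop in the parser.c hunk of xmlParseAttValueComplex, `while ((len > 0) && (buf[len - 1] == 0x20)) len--;`, carries no comment saying why `len` can reach 0 here, and the patch adds no regression test. Without the guard the loop reads `buf[-1]` as soon as `len` is 0, which happens when nothing but 0x20 bytes has been accumulated on the `in_space && normalize` path. A one-line comment above the loop stating that, plus a test document whose attribute value normalizes to the empty string, would keep the check from being dropped in a later cleanup. The following `buf[len] = 0;` is then a write at index 0, which is in bounds as long as `buf` is allocated at this point, so it is worth confirming that from the lines above the hunk.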
